Attached is the final IPR language going out for signatures this week pending final green light from all listed contributors. While we are not in a position to change it, I am happy to answer any questions you have (or at least get the lawyers to answer them for you).
I suggest that those of you who are "smaller players" rather than dealing with paper etc, that we comment on it and sign it there.
I do have some questions to it that maybe Gabe can comment on:
"This is a personal promise directly from me to you, and you acknowledge as a condition of benefiting from it that no rights from me are received by your suppliers, distributors, or otherwise in connection with this promise."
I read this as we as users of the OAuth protocols are protected against IP litigation but our consultants, ISP's ets do not have this right. That seems to me like illogical legalese double talk. What exactly is the purpose of that sentence?
Overall while it does have a lot of legalese, I guess it's not too bad and definitely way more thorough than the original. I'd like to templatize it and maybe work on cleaning up the legalese so other projects can use it.
Pelle
On Mon, Jun 30, 2008 at 11:46 PM, Eran Hammer-Lahav <e...@hueniverse.com> wrote: > For you reading pleasure...
> Attached is the final IPR language going out for signatures this week > pending final green light from all listed contributors. While we are not in > a position to change it, I am happy to answer any questions you have (or at > least get the lawyers to answer them for you).
For Core 1.0 we are asking for paper copies following the OpenID process.
For OAuth 2008.1 we are asking for paper copies from all corporate entities. For individual unemployed contributors we might consider a lighter process but so far none have been active on the specs.
The bottom line is we can't verify what your employer allows you to do, and what the local law says about work done outside company time. This means if you work for a company, we need that company to sign the agreement. We will secure signatures from as many companies as possible making it easy for their employees to participate. We will reach out to your employer if it helps and explain to them what this agreement means.
Moving forward for post 2008.1 work, we will need to find a better "home" for OAuth that takes care of all this for us for "free".
The is a huge difference between working on open source (code) and working on specifications. There is a reason why almost no such effort taking place outside of well defined foundations.
EHL
On 7/2/08 3:12 PM, "Pelle Braendgaard" <pel...@gmail.com> wrote:
Thanks Eran for posting this. I've made it available here:
I suggest that those of you who are "smaller players" rather than dealing with paper etc, that we comment on it and sign it there.
I do have some questions to it that maybe Gabe can comment on:
"This is a personal promise directly from me to you, and you acknowledge as a condition of benefiting from it that no rights from me are received by your suppliers, distributors, or otherwise in connection with this promise."
I read this as we as users of the OAuth protocols are protected against IP litigation but our consultants, ISP's ets do not have this right. That seems to me like illogical legalese double talk. What exactly is the purpose of that sentence?
Overall while it does have a lot of legalese, I guess it's not too bad and definitely way more thorough than the original. I'd like to templatize it and maybe work on cleaning up the legalese so other projects can use it.
Pelle
On Mon, Jun 30, 2008 at 11:46 PM, Eran Hammer-Lahav <e...@hueniverse.com> wrote: > For you reading pleasure...
> Attached is the final IPR language going out for signatures this week > pending final green light from all listed contributors. While we are not in > a position to change it, I am happy to answer any questions you have (or at > least get the lawyers to answer them for you).
Point of clarification: what do you mean by "unemployed"? If one works for himself, as I did when I worked on OAuth originally, would I be considered unemployed (I don't mean *under*employed!). Just trying to understand the distinction...
Ultimately we're looking for signatures from those entities who have the authority to say whether or not they will sue anyone to prevent them from implementing OAuth... so if you're employed by Google, let's say, it's unlikely that unless you're an authorized VP, you can speak on behalf of the company in terms of what they can or can't do with their IP.
While we certainly want individuals to be able to sign this document and represent that it's not just big corporate brainless giants (I mean the companies, not the people, since companies are soulless) that are working on OAuth, this process nonetheless has to satisfy their skittishness around these matters...
Am happy to have a public version of this document signed on Agree2 -- can't say that it'll be binding, but we got it done for the first version of this IPR -- it'd be nice to have a digital version on the end of a permalink on Agree2 to demonstrate who's on board -- and furthermore, give others subsequent to us the chance to express their support of the agreement.
Chris
On Wed, Jul 2, 2008 at 3:41 PM, Eran Hammer-Lahav <e...@hueniverse.com> wrote:
> I have forwarded the question to our legal team.
> For Core 1.0 we are asking for paper copies following the OpenID process.
> For OAuth 2008.1 we are asking for paper copies from all corporate > entities. For *individual unemployed* contributors we might consider a > lighter process but so far none have been active on the specs.
> The bottom line is we can't verify what your employer allows you to do, and > what the local law says about work done outside company time. This means if > you work for a company, we need that company to sign the agreement. We will > secure signatures from as many companies as possible making it easy for > their employees to participate. We will reach out to your employer if it > helps and explain to them what this agreement means.
> Moving forward for post 2008.1 work, we will need to find a better "home" > for OAuth that takes care of all this for us for "free".
> The is a huge difference between working on open source (code) and working > on specifications. There is a reason why almost no such effort taking place > outside of well defined foundations.
> EHL
> On 7/2/08 3:12 PM, "Pelle Braendgaard" <pel...@gmail.com> wrote:
> Thanks Eran for posting this. I've made it available here:
> I suggest that those of you who are "smaller players" rather than > dealing with paper etc, that we comment on it and sign it there.
> I do have some questions to it that maybe Gabe can comment on:
> "This is a personal promise directly from me to you, and you > acknowledge as a condition of benefiting from it that no rights from > me are received by your suppliers, distributors, or otherwise in > connection with this promise."
> I read this as we as users of the OAuth protocols are protected > against IP litigation but our consultants, ISP's ets do not have this > right. That seems to me like illogical legalese double talk. What > exactly is the purpose of that sentence?
> Overall while it does have a lot of legalese, I guess it's not too bad > and definitely way more thorough than the original. I'd like to > templatize it and maybe work on cleaning up the legalese so other > projects can use it.
> Pelle
> On Mon, Jun 30, 2008 at 11:46 PM, Eran Hammer-Lahav <e...@hueniverse.com> > wrote: > > For you reading pleasure...
> > Attached is the final IPR language going out for signatures this week > > pending final green light from all listed contributors. While we are not > in > > a position to change it, I am happy to answer any questions you have (or > at > > least get the lawyers to answer them for you).
I've transfered ownership of the declaration over to you Chris. There was also a problem with a character in the permalink so I've had to change it (and fix code for that not to happen again).
I'm all for getting the text right and getting them involved. I still stand by my blog post last week about us not having to always bend to the whims of "real businesses".
Perhaps we can work on a feature in Agree2 to maintain the scanned copies of the signature pages that you will be receiving.
I will also note that there is nothing that makes signing the agreement physically on paper more "legal" in the eye of the law and courts than doing it on Agree2.
The key aspect in legality, which is well covered in the actual agreement is whether you have the right to sign the agreement for your organisation or not, but that is an issue whether it's signed electronically or by hand.
I for example am perfectly authorized to sign it for an on behalf of Extra Eagle LLC. That said there may very well have been people who signed the last version who weren't fully authorized by their respective companies.
On Wed, Jul 2, 2008 at 5:11 PM, Chris Messina <chris.mess...@gmail.com> wrote: > Yeah, a home for all this stuff... +10bazillion!
> Point of clarification: what do you mean by "unemployed"? If one works for > himself, as I did when I worked on OAuth originally, would I be considered > unemployed (I don't mean underemployed!). Just trying to understand the > distinction...
> Ultimately we're looking for signatures from those entities who have the > authority to say whether or not they will sue anyone to prevent them from > implementing OAuth... so if you're employed by Google, let's say, it's > unlikely that unless you're an authorized VP, you can speak on behalf of the > company in terms of what they can or can't do with their IP.
> While we certainly want individuals to be able to sign this document and > represent that it's not just big corporate brainless giants (I mean the > companies, not the people, since companies are soulless) that are working on > OAuth, this process nonetheless has to satisfy their skittishness around > these matters...
> Am happy to have a public version of this document signed on Agree2 -- can't > say that it'll be binding, but we got it done for the first version of this > IPR -- it'd be nice to have a digital version on the end of a permalink on > Agree2 to demonstrate who's on board -- and furthermore, give others > subsequent to us the chance to express their support of the agreement.
> Chris
> On Wed, Jul 2, 2008 at 3:41 PM, Eran Hammer-Lahav <e...@hueniverse.com> > wrote:
>> I have forwarded the question to our legal team.
>> For Core 1.0 we are asking for paper copies following the OpenID process.
>> For OAuth 2008.1 we are asking for paper copies from all corporate >> entities. For individual unemployed contributors we might consider a lighter >> process but so far none have been active on the specs.
>> The bottom line is we can't verify what your employer allows you to do, >> and what the local law says about work done outside company time. This means >> if you work for a company, we need that company to sign the agreement. We >> will secure signatures from as many companies as possible making it easy for >> their employees to participate. We will reach out to your employer if it >> helps and explain to them what this agreement means.
>> Moving forward for post 2008.1 work, we will need to find a better "home" >> for OAuth that takes care of all this for us for "free".
>> The is a huge difference between working on open source (code) and working >> on specifications. There is a reason why almost no such effort taking place >> outside of well defined foundations.
>> EHL
>> On 7/2/08 3:12 PM, "Pelle Braendgaard" <pel...@gmail.com> wrote:
>> Thanks Eran for posting this. I've made it available here:
>> I suggest that those of you who are "smaller players" rather than >> dealing with paper etc, that we comment on it and sign it there.
>> I do have some questions to it that maybe Gabe can comment on:
>> "This is a personal promise directly from me to you, and you >> acknowledge as a condition of benefiting from it that no rights from >> me are received by your suppliers, distributors, or otherwise in >> connection with this promise."
>> I read this as we as users of the OAuth protocols are protected >> against IP litigation but our consultants, ISP's ets do not have this >> right. That seems to me like illogical legalese double talk. What >> exactly is the purpose of that sentence?
>> Overall while it does have a lot of legalese, I guess it's not too bad >> and definitely way more thorough than the original. I'd like to >> templatize it and maybe work on cleaning up the legalese so other >> projects can use it.
>> Pelle
>> On Mon, Jun 30, 2008 at 11:46 PM, Eran Hammer-Lahav <e...@hueniverse.com> >> wrote: >> > For you reading pleasure...
>> > Attached is the final IPR language going out for signatures this week >> > pending final green light from all listed contributors. While we are not >> > in >> > a position to change it, I am happy to answer any questions you have (or >> > at >> > least get the lawyers to answer them for you).
OK, Pelle, since you called me out, let me explain how I understand it (in very rough terms), but of course This Isn't Legal Advice.
This is a non-assertion statement (covenant == promise). What its saying is merely that I (the signer) won't sue you (the "reader"/promisee) around OAuth, and this document gives legal force to that promise.
The clause you are highlighting is saying "but I don't give you any rights beyond this promise not to sue".
Practically speaking, the "reader" could be anyone who chooses to be a reader - thus the advantage of the promise not to sue (ie protection from a lawsuit) can apply to anyone who wants it.
This would therefore cover all of the folks you mention. The ISP, consultants, are essentially also covered by this provision because they are just as much a "reader" (using my lousy wording) as you. In effect, *everyone in the world* gets the same protection (with some caveats which I won't even go into and could probably have a lot of fun coming up with).
So I think its actually quite straightforward in this regard.
> I suggest that those of you who are "smaller players" rather than > dealing with paper etc, that we comment on it and sign it there.
> I do have some questions to it that maybe Gabe can comment on:
> "This is a personal promise directly from me to you, and you > acknowledge as a condition of benefiting from it that no rights from > me are received by your suppliers, distributors, or otherwise in > connection with this promise."
> I read this as we as users of the OAuth protocols are protected > against IP litigation but our consultants, ISP's ets do not have this > right. That seems to me like illogical legalese double talk. What > exactly is the purpose of that sentence?
> Overall while it does have a lot of legalese, I guess it's not too bad > and definitely way more thorough than the original. I'd like to > templatize it and maybe work on cleaning up the legalese so other > projects can use it.
> Pelle
> On Mon, Jun 30, 2008 at 11:46 PM, Eran Hammer-Lahav <e...@hueniverse.com> wrote: >> For you reading pleasure...
>> Attached is the final IPR language going out for signatures this week >> pending final green light from all listed contributors. While we are not in >> a position to change it, I am happy to answer any questions you have (or at >> least get the lawyers to answer them for you).
Unemployed == no job / self employed / 1 person LLC / etc. In other words, if you are truly free to any IP you create. We'll let married people pretend they are free...
Because labor law is complicated we can't get into your personal contract with your employer so if you have one, we need them to agree.
EHL
On 7/2/08 5:11 PM, "Chris Messina" <chris.mess...@gmail.com> wrote:
Yeah, a home for all this stuff... +10bazillion!
Point of clarification: what do you mean by "unemployed"? If one works for himself, as I did when I worked on OAuth originally, would I be considered unemployed (I don't mean underemployed!). Just trying to understand the distinction...
Ultimately we're looking for signatures from those entities who have the authority to say whether or not they will sue anyone to prevent them from implementing OAuth... so if you're employed by Google, let's say, it's unlikely that unless you're an authorized VP, you can speak on behalf of the company in terms of what they can or can't do with their IP.
While we certainly want individuals to be able to sign this document and represent that it's not just big corporate brainless giants (I mean the companies, not the people, since companies are soulless) that are working on OAuth, this process nonetheless has to satisfy their skittishness around these matters...
Am happy to have a public version of this document signed on Agree2 -- can't say that it'll be binding, but we got it done for the first version of this IPR -- it'd be nice to have a digital version on the end of a permalink on Agree2 to demonstrate who's on board -- and furthermore, give others subsequent to us the chance to express their support of the agreement.
Chris
On Wed, Jul 2, 2008 at 3:41 PM, Eran Hammer-Lahav <e...@hueniverse.com> wrote:
I have forwarded the question to our legal team.
For Core 1.0 we are asking for paper copies following the OpenID process.
For OAuth 2008.1 we are asking for paper copies from all corporate entities. For individual unemployed contributors we might consider a lighter process but so far none have been active on the specs.
The bottom line is we can't verify what your employer allows you to do, and what the local law says about work done outside company time. This means if you work for a company, we need that company to sign the agreement. We will secure signatures from as many companies as possible making it easy for their employees to participate. We will reach out to your employer if it helps and explain to them what this agreement means.
Moving forward for post 2008.1 work, we will need to find a better "home" for OAuth that takes care of all this for us for "free".
The is a huge difference between working on open source (code) and working on specifications. There is a reason why almost no such effort taking place outside of well defined foundations.
EHL
On 7/2/08 3:12 PM, "Pelle Braendgaard" <pel...@gmail.com <http://pel...@gmail.com> > wrote:
Thanks Eran for posting this. I've made it available here:
I suggest that those of you who are "smaller players" rather than dealing with paper etc, that we comment on it and sign it there.
I do have some questions to it that maybe Gabe can comment on:
"This is a personal promise directly from me to you, and you acknowledge as a condition of benefiting from it that no rights from me are received by your suppliers, distributors, or otherwise in connection with this promise."
I read this as we as users of the OAuth protocols are protected against IP litigation but our consultants, ISP's ets do not have this right. That seems to me like illogical legalese double talk. What exactly is the purpose of that sentence?
Overall while it does have a lot of legalese, I guess it's not too bad and definitely way more thorough than the original. I'd like to templatize it and maybe work on cleaning up the legalese so other projects can use it.
Pelle
On Mon, Jun 30, 2008 at 11:46 PM, Eran Hammer-Lahav <e...@hueniverse.com <http://e...@hueniverse.com> > wrote:
> For you reading pleasure...
> Attached is the final IPR language going out for signatures this week > pending final green light from all listed contributors. While we are not in > a position to change it, I am happy to answer any questions you have (or at > least get the lawyers to answer them for you).
> "This is a personal promise directly from me to you, and you
> acknowledge as a condition of benefiting from it that no rights from
> me are received by your suppliers, distributors, or otherwise in
> connection with this promise."
The reason for this text, which is standard contract language is to
make sure that this license is always defined as a direct promise from
one individual to another. Since "you" is defined very broadly, anyone
can fall under that definition, but it makes the license specific
between two people, and not indirect between the author and your
suppliers, etc. They are covered personally by this but not through
you. This has contract meaning that is beyond my legal understanding.
|
